Washington Post email system breached by Syrian Electronic Army phishing attack

Staff go into 'huddle'


A raid by the Syrian Electronic Army (SEA) on the Washington Post this week was aided by a successful phishing attack on one of its journalists, the newspaper has confirmed. But how did the attackers penetrate its defences?

According to the Post, the attackers gained access to the Twitter account of an unnamed journalist, using it to post pro-SEA messages in the rapid-fire style that has become the group’s calling card in numerous other take-overs.

In addition, “for 30 minutes this morning [15 August], some articles on our web site were redirected to the Syrian Electronic Army’s site,” the paper said in a brief web statement, a compromise attributed to an attack on business partner, Outbrain.

However, an internal Post email published by security sleuth Brian Krebs (himself a former Washington Post staffer) explains that the SEA attack had earlier successfully hacked the email account of at least one journalist, sports writer Jason Reid.

Reid is said to have fallen for a phishing attack that spoofed the newspaper’s Outlook Web Access email system on Monday 12 August. Armed with access to his account, the attackers then sent what appeared to be emails to other Washington Post journalists, almost certainly attaching keyloggers that would be used to capture new logins, including those for Twitter accounts.

“We’ve shut down Jason’s account and told him he cannot use his laptop/account tonight,” read an internal email published on Krebs’ site. “We’ll huddle again Tue morning at 9.05am to provide latest updates, analysis and next steps,” it continues.

The to-do checklist for management includes a note for one member of staff to speak to security forensics firm Mandiant, an outfit that made part of its name as the go-to firm during a wave of attacks on US news media – including the Washington Post – publicised in January this year.

“Other well-known Posties came close to being tricked by the phishing attack. One of those nearly-phished was veteran Post staffer Gene Weingarten, one of the Post’s Pulitzer Prize winning editors and writers,” noted Krebs.

“I was phished….one of four, but I never entered any creds. I’m stupid, but not THAT stupid,” Weingarten told Krebs in an email.

The attack on The Washington Post was part of a larger SEA campaign this week that saw similar email and web assaults on a swathe of US media, including the New York Post, CNN, and Time.  

Earlier in the year, Chinese hackers were accused by The New York Times of launching targeted attacks on them beginning in September 2012. Only days ago, security firm FireEye noticed that the backdoors used in those attacks had recently been updated to evade detection.


